Microsoft Security Bulletin Summary for March 2009

Microsoft published the Microsoft Security Bulletin Summary for March 2009

This bulletin summary lists security bulletins released for March 2009.With the release of the bulletins for March 2009, this bulletin summary replaces the bulletin advance notification originally issued March 5, 2009. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Microsoft is hosting a webcast to address customer questions on these bulletins on March 11, 2009, at 11:00 AM Pacific Time (US Canada). Register now for the March Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

The following table summarizes the security bulletins for this month in order of severity.For details on affected software, see the next section, Affected Software and Download Locations.

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.

MS09-007 Vulnerability in SChannel Could Allow Spoofing (960225)

This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.

This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.